Security: System security option includes nospectre_v1

Most of the v1 mitigation is baked into the kernel and not optional. The swapgs barriers are, however, optional. They have a negative performance impact so we disable them by using the nospectre_v1 kernel bootarg. Partial-Bug: 1860193 Depends-On: https://review.opendev.org/#/c/705300 Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com> (cherry picked from commit b7c6c2a168) Change-Id: Ifbeaa0ac8b60addc5aefd63578ed4facebbd9b22
2020-01-27 17:43:54 -05:00 · 2020-01-27 17:43:54 -05:00 · 39c8207cc1
parent 6e9c07c657
commit 39c8207cc1
1 changed files with 1 additions and 1 deletions
--- a/automated-pytest-suite/keywords/system_helper.py
+++ b/automated-pytest-suite/keywords/system_helper.py
@ -2413,7 +2413,7 @@ def modify_spectre_meltdown_version(version='spectre_meltdown_all',

    from keywords import host_helper
    hosts = get_hosts(con_ssh=con_ssh)
-    check_val = 'nopti nospectre_v2'
+    check_val = 'nopti nospectre_v2 nospectre_v1'
    if check_first and version == current_version:
        LOG.info(
            "{} already set in 'system show'. Checking actual cmdline options "